Hi list,

Kindly is there a way that I can prove externally that suse 9.2 and suse 9.3 firewall on the gateway is keeping the not so welcome visitors out?
I check internally with chkrootkit and rkhunter if such visitors are already in hiding.
I would rather them be outside.

Thanks
Regards
Johan
Quoting Johan <johanscheepers@hypermail.co.za>:
Hi list,
Kindly is there a way that I can prove externally that suse 9.2 and suse 9.3 firewall on the gateway is keeping the not so welcome visitors out?
www.grc.com - Windows oriented, keep click on Shields Up!, "All Service Ports". Scans first 1024 ports, the privileged ports plus some unprivileged ports Windows commonly opens. You should recognize all open ports and know what program is listening on them.
Search Google for "port scan vulnerabilities" (without the quotes) for additional possibilities. Asking a friend to do a nmap or Nessus scan are also possibilities.

HTH,
Jeffrey
On Tue, 19 Jul 2005 02:57:38 -0500 "Jeffrey L. Taylor" <suse@austinblues.dyndns.org> wrote:
Quoting Johan <johanscheepers@hypermail.co.za>:
Hi list,
Kindly is there a way that I can prove externally that suse 9.2 and
suse 9.3 firewall on the gateway is keeping the not so welcome visitors out?
www.grc.com - Windows oriented, keep click on Shields Up!, "All Service Ports". Scans first 1024 ports, the privileged ports plus some unprivileged ports Windows commonly opens. You should recognize all open ports and know what program is listening on them.
Search Google for "port scan vulnerabilities" (without the quotes) for additional possibilities. Asking a friend to do a nmap or Nessus scan are also possibilities.
HTH, Jeffrey
I got a clean bill of health from the following site (Suse 9.3)..except..Results from scan of ICMP at TCP/IP address: *********
Could anybody kindly tell what that means and to protect against it
Thanks

http://scan.sygate.com/

Results from scan of ICMP at TCP/IP address: *********
Protocol Type Status Additional Information
ICMP 8 OPEN An ICMP ping request is usually used to test Internet access. However, an attacker can use it to determine if your computer is available and what OS you are running. This gives him valuable information when he is determining what type of attack to use against you.
You are not fully protected: We have detected that some of our probes connected with your compute

- Johan
Registered Linux User # 330034
May this be a good day for learning
************ I got a clean bill of health from the following site (Suse 9.3)..except..Results from scan of ICMP at TCP/IP address: ********* Could anybody kindly tell what that means and to protect against it Thanks
Results from scan of ICMP at TCP/IP address: *********
Protocol Type Status Additional Information
ICMP 8 OPEN An ICMP ping request is usually used to test Internet access. However, an attacker can use it to determine if your computer is available and what OS you are running. This gives him valuable information when he is determining what type of attack to use against you.
You are not fully protected: We have detected that some of our probes connected with your compute
- Johan Registered Linux User # 330034 May this be a good day for learning
Tell the firewall to drop icmp echo request packets. The ping won't get any responses. But that isn't a real big problem/threat. Blocking ping won't stop determined people from checking out your box. But based on your scan results, you're in good shape, at least from the outside looking in (no open ports to the outside world).

John
Quoting Johan <johanscheepers@hypermail.co.za>:
On Tue, 19 Jul 2005 02:57:38 -0500 "Jeffrey L. Taylor" <suse@austinblues.dyndns.org> wrote:
Quoting Johan <johanscheepers@hypermail.co.za>:
Hi list,
Kindly is there a way that I can prove externally that suse 9.2 and
suse 9.3 firewall on the gateway is keeping the not so welcome visitors out?
www.grc.com - Windows oriented, keep click on Shields Up!, "All Service Ports". Scans first 1024 ports, the privileged ports plus some unprivileged ports Windows commonly opens. You should recognize all open ports and know what program is listening on them.
Search Google for "port scan vulnerabilities" (without the quotes) for additional possibilities. Asking a friend to do a nmap or Nessus scan are also possibilities.
HTH, Jeffrey
I got a clean bill of health from the following site (Suse 9.3)..except..Results from scan of ICMP at TCP/IP address: ********* Could anybody kindly tell what that means and to protect against it Thanks
Results from scan of ICMP at TCP/IP address: *********
Protocol Type Status Additional Information
ICMP 8 OPEN An ICMP ping request is usually used to test Internet access. However, an attacker can use it to determine if your computer is available and what OS you are running. This gives him valuable information when he is determining what type of attack to use against you.
You are not fully protected: We have detected that some of our probes connected with your compute
- Johan Registered Linux User # 330034 May this be a good day for learning
In /etc/sysconfig/SuSEfirewall2:

FW_ALLOW_PING_FW="no"

And restart firewall

HTH,
Jeffrey
Johan wrote:
Hi list,
Kindly is there a way that I can prove externally that suse 9.2 and suse 9.3 firewall on the gateway is keeping the not so welcome visitors out?
No, there is no such thing as a fool-proof firewall. You can only check if the ports you want to deny to external access are indeed closed. Use nmap from an external host for that purpose. Also check if the internal access to the internet has been set according to the agreed rules. The Ports you do allow are the holes in your armor. See to it that you limit access to allowed services as much as possible. If possible restrict access to the list of clients/ip addresses that are known to you. If not possible think about VPN access for the clients. Most internal networks are cracked by circumventing the firewall and attacking a less protected front. Think about an infected document, a password some careless user lets slip or laptops brought in from the outside.
I check internally with chkrootkit and rkhunter if such visitors are already in hiding.
I would rather them be outside.
Wouldn't we all rather? (^-^)

Sandy
--
List replies only please!
Please address PMs to: news-reply (@) japantest (.) homelinux (.) com
Johan wrote:
Hi list,
Kindly is there a way that I can prove externally that suse 9.2 and suse 9.3 firewall on the gateway is keeping the not so welcome visitors out?
You can never prove that. However, you can verify it's filtering the desired ports, by running nmap or going to one of the port scan sites.
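Added example, not written by anyone in this thread: one way to act on the advice above to scan the gateway with nmap from an external host and recognize every open port. It reads results saved in nmap's grepable format (the `-oG` option) and lists every port that is open, or could not be confirmed as filtered, but is not in the policy. The sample scan text, the address 192.0.2.10 and the `ALLOWED` set are constructed assumptions.

```python
# Constructed sample in nmap's grepable (-oG) format; host and ports are made up.
SAMPLE_GNMAP = (
    "# Nmap scan report (constructed sample)\n"
    "Host: 192.0.2.10 (gw.example.net)\tStatus: Up\n"
    "Host: 192.0.2.10 (gw.example.net)\tPorts: 22/open/tcp//ssh///, "
    "25/filtered/tcp//smtp///, 80/open/tcp//http///, "
    "111/open/tcp//rpcbind///, 443/closed/tcp//https///, "
    "514/open|filtered/udp//syslog///\n"
)

# Hypothetical policy: the only services the gateway should offer to the outside.
ALLOWED = {(22, "tcp"), (80, "tcp")}


def parse_gnmap(text):
    """Return {host: {(port, proto): (state, service)}} from grepable output."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # comment lines and blanks
        fields = line.split("\t")
        host = fields[0].split()[1]
        for field in fields[1:]:
            if not field.startswith("Ports:"):
                continue
            # Each entry: port/state/protocol/owner/service/rpcinfo/version/
            for entry in field[len("Ports:"):].split(","):
                parts = entry.strip().split("/")
                if len(parts) < 5 or not parts[0].isdigit():
                    continue
                port, state, proto, _owner, service = parts[:5]
                hosts.setdefault(host, {})[(int(port), proto)] = (state, service)
    return hosts


def audit(text, allowed):
    """List ports outside the policy that are open or not provably filtered."""
    findings = []
    for host, ports in sorted(parse_gnmap(text).items()):
        for (port, proto), (state, service) in sorted(ports.items()):
            if (port, proto) in allowed:
                continue
            if state == "open":
                findings.append((host, port, proto, service, "open but not in policy"))
            elif state == "open|filtered":
                findings.append((host, port, proto, service, "no reply; filtering not confirmed"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_GNMAP, ALLOWED):
        print(*finding)
```

An empty result only shows that the scanned ports matched the policy at scan time, which is the limit both replies above point out.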
participants (5)
- James Knott
- Jeffrey L. Taylor
- Johan
- John Scott
- Sandy Drobic